内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
风哥提示:
本文档介绍Podman容器技术的基础知识和安装配置方法。
Part01-Podman概述
1.1 Podman简介
[root@podman ~]# cat > /root/podman-intro.txt << 'EOF' Podman与Docker对比 ================== 1. 架构差异 - Podman: 无守护进程,rootless模式 - Docker: 需要守护进程,root权限 2. 安全性 - Podman: 更安全,用户命名空间 - Docker: 需要root权限 3. 兼容性 - Podman: 兼容Docker CLI - 支持Docker镜像格式 4. Pod支持 - Podman: 原生支持Pod概念 - Docker: 需要Compose 5. Systemd集成 - Podman: 原生Systemd支持 - Docker: 需要额外配置 EOF # 安装Podman [root@podman ~]# dnf install -y podman podman-docker # 查看版本 [root@podman ~]# podman version Client: Podman Engine Version: 4.9.0 API Version: 4.9.0 Go Version: go1.21.5 Built: Sat Dec 2 10:00:00 2026 OS/Arch: linux/amd64 Server: Podman Engine Version: 4.9.0 API Version: 4.9.0 Go Version: go1.21.学习交流加群风哥微信: itpux-com5 Built: Sat Dec 2 10:00:00 2026 OS/Arch: linux/amd64 # 查看信息 [root@podman ~]# podman info host: arch: amd64 学习交流加群风哥QQ113257174buildahVersion: 1.32.0 cgroupControllers: - cpuset - cpu - io - memory - pids cgroupManager: systemd cgroupVersion: v2 conmon: package: conmon-2.1.8-1.el9.x86_64 path: /usr/bin/conmon version: 'conmon version 2.1.8, commit: abc123' cpuUtilization: userPercent: 0.00 systemPercent: 0.10 idlePercent: 99.90 cpus: 4 databaseBackend: boltdb distribution: distribution: '"Rocky Linux"' version: "9.3" eventLogger更多学习教程公众号风哥教程itpux_com: journald hostname: podman.fgedu.net.cn idMappings: gidmap: - container_id: 0 host_id: 1000 size: 1 - container_id: 1 host_id: 100000 size: 65536 uidmap: - container_id: 0 host_id: 1000 size: 1 - container_id: 1 host_id: 100000 size: 65536 kernel: 5.14.0-284.11.1.el9_2.x86_64 linkmode: dynamic logDriver: journald memFree: 7234510848 memTotal: 8234510848 networkBackend: cni ociRuntime: name: crun package: crun-1.12-1.el9.x86_64 path: /usr/bin/crun version: |- crun version 1.12 commit: abc123 os: linux remoteSocket: exists: true path: /run/user/1000/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: true serviceIsRemote: false slirp4netns: executable: /usr/bin/slirp4netns package: slirp4netns-1.2.2-1.el9.x86_64 version: |- slirp4netns version 1.2.2 commit: abc123 swapFree: 8234510848 swapTotal: 8234510848 uptime: 24h 0m 0.00s (Approximately 1.00 days) plugins: authorization: null log: - k8s-file - none - passthrough - journald network: - bridge - macvlan - ipvlan volume: - local registries: search: - registry.access.redhat.com - registry.redhat.io - docker.io - quay.io store: configFile: /home/fgedu/.config/containers/storage.conf containerStore: number: 0 paused: 0 running: 0 stopped: 0 graphDriverName: overlay graphRoot: /home/fgedu/.local/share/containers/storage graphRootAllocated: 107374182400 graphRootUsed: 10737418240 imageCopyTmpDir: /var/tmp imageStore: number: 0 runRoot: /run/user/1000/containers volumePath: /home/fgedu/.local/share/containers/storage/volumes version: APIVersion: 4.9.0 Built: 1701507600 BuiltTime: Sat Dec 2 10:00:00 2026 GitCommit: "" GoVersion: go1.21.5 Os: linux OsArch: linux/amd64 Version: 4.9.0
Part02-镜像管理
2.1 镜像操作
[root@podman ~]# podman search nginx
INDEX NAME DESCRIPTION STARS OFFICIAL
docker.io docker.io/library/nginx Official build of Nginx. 17000 [OK]
docker.更多视频教程www.fgedu.net.cnio docker.io/jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 2100
docker.io docker.io/richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable … 800
# 拉取镜像
[root@podman ~]# podman pull docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest…
Getting image source signatures
Copying blob a2abf6c4d29d done
Copying blob a9edb18cadd1 done
Copying blob 589b7251471a done
Copying config 605c77e624 done
Writing manifest to image destination
Storing signatures
605c77e624dd751e2b3b3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d
# 查看本地镜像
[root@podman ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest 605c77e624dd 2 weeks ago 141 MB
# 查看镜像详情
[root@podman ~]# podman inspect nginx:latest
[
{
“Id”: “605c77e624dd751e2b3b3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d”,
“Digest”: “sha256:0d17b565c37bcbd895e9d92315a05ed186083e3d3b3a8d1f9f5d3b9d5d5d5d5d”,
“RepoTags”: [
“docker.io/library/nginx:latest”
],
“RepoDigests”: [
“docker.io/library/nginx@sha256:0d17b565c37bcbd895e9d92315a05ed186083e3d3b3a8d1f9f5d3b9d5d5d5dfrom PG视频:www.itpux.com5d”
],
“Created”: “2026-04-01T00:00:00Z”,
“Size”: 141298678,
“Architecture”: “amd64”,
“Os”: “linux”
}
]
# 删除镜像
[root@podman ~]# podman rmi nginx:latest
Untagged: docker.io/library/nginx:latest
Deleted: 605c77e624dd751e2b3b3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d
Part03-容器管理
3.1 容器操作
[root@podman ~]# podman run -d –name fgedu-nginx -p 80:80 nginx:latest
Resolving “nginx” using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest…
Getting image source signatures
Copying blob a2abf6c4d29d done
Copying blob a9edb18cadd1 done
Copying blob 589b7251471a done
Copying config 605c77e624 done
Writing manifest to image destination
Storing signatures
abc123def456789012345678901234567890123456789012345678901234
# 查看容器
[root@podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
abc123def456 docker.io/library/nginx:latest nginx -g daemon o… 5 seconds ago Up 4 seconds ago 0.0.0.0:80->80/tcp fgedu-nginx
# 查看所有容器
[root@podman ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
abc123def456 docker.io/library/nginx:latest nginx -g daemon o… 1 minute ago Up 1 minute ago 0.0.0.0:80->80/tcp fgedu-nginx
# 进入容器
[root@podman ~]# podman exec -it fgedu-nginx bash
root@abc123def456:/# hostname
abc123def456
root@abc123def456:/# exit
exit
# 查看日志
[root@podman ~]# podman logs fgedu-nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
# 停止容器
[root@podman ~]# podman stop fgedu-nginx
fgedu-nginx
# 启动容器
[root@podman ~]# podman start fgedu-nginx
fgedu-nginx
# 删除容器
[root@podman ~]# podman rm -f fgedu-nginx
abc123def456789012345678901234567890123456789012345678901234
- 使用rootless模式提高安全性
- 配置镜像仓库加速
- 使用Pod管理相关容器
- 集成Systemd管理服务
- 定期清理无用镜像和容器
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
